Will you be using the new Passwords app from Apple when it comes out? Why or why not? And be sure to check out my video comparing the best third-party password manager options: th-cam.com/video/BsVkVa0n0T0/w-d-xo.html
Nope. It suffers the same issue as iOS has - using login passcode to access. I am also a multi-OS person. Apple only is automatically a “No” for me. Using Proton Pass which offers me additional options.
I already use bitwarden so i'll stick with that. My wife however is a creature of convenience and cannot stand how locked down my bitwarden is. When the update comes through i'll likely migrate her to passwords.
You can say what you want about Apples Password manager, but the fact that it unlike many other popular third party ones has never suffered a data breach is incredible.
Doesn't mean it can't happen. Best practices is to write them down on paper and secure it in a fireproof safe... People need to stop depending on password manager apps as it's a target for hackers. iPhones have been jailbroken remotely (pegasus as an example) so it's not impossible.
I think Apple Passwords is the best choice for anyone in the Apple ecosystem. I’ve never felt the need to store my passports or IDs in a password app since they can be securely kept in the Notes app with a custom password. Concerns about hypothetical security issues seem like self-justifications for sticking with a third-party app. I understand that using cross-platform devices or not wanting to depend on one company are good reasons for opting for a third-party password manager tho.
Exactly, I don’t know why he didn’t mention that when he made such a big deal about not storing credit cards or passport info on the Passwords app. The only thing that I totally agree with is the cross platform issue. I Deal with that daily but the solution I have is when I’m sitting at my PC my phone is typically on the desk and I just open up the phone to the Passwords app and type it into the needed information on my PC. I promise, it’s not difficult.
Turning on Stolen Device Protection means that, if Face ID verification fails, it will NOT allow the Passcode as a fallback option, it will only accept Face ID. This works with the Passwords app but also everywhere that asks for Face ID
Why are you talking like this would be new? The Apple Password Manager existed for a long time it was just inside the settings app and not a separate app. The only new function that this app has is the ability to generate wifi QR-Codes. So there wont be any Apple Users switching over to the new app since they are already using it just with a slightly different interface.
I’ve been using Keychain for years now, and been really going crazy with security and privacy stuff this last year and even managed to enable 2FA via authenticator on any accounts that allow it, and made super strong passwords as well. Been running the beta of iOS 18 for a while now and the new Passwords app is awesome! Think Apple really just killed 1Password and a lot of others with this one haha.
I saw the reasons you put and they are 100% understandable, and although I consider that I am like you, in that I do not like to depend on a single company sometimes, or that I like to have extra security in certain internal apps beyond the code, in this case because I have several Apple devices I feel it is the only exception I am willing to make, as I want to have the benefits of having a code authenticator and my password manager in the same place, since I find it very complex, time consuming and even unsafe to have to re-install the apps I have every time I change devices or format, and it is extremely satisfying that once I log into a new Apple device, I have all my passwords at hand in a secure, private, easily accessible way but only if I put my face to unlock it. I also like this kind of easier and quicker way to access my credentials because on a few past occasions I have been on the verge of losing my passwords both authenticator and regular passwords due to backups, expired subscriptions, etc and it sucks that feeling, but I totally understand that it doesn't work so well for someone who is not into the Apple ecosystem completely.
I’ve been using the existing Keychain app and the extensions for Edge and Chrome work quite well, even allowing for newer features of the Keychain app, like shared passwords. The iCloud for windows app is actually quite handy if you’re stuck using a Windows PC and need access to your otherwise Apple ecosystem.
It's just an upgraded version of iCloud Keychain to make it more user friendly. Why haven't you used iCloud Keychain tho cuz it's free and working exactly the same way lol...
If you in apples ecosystem fully and have no android devices that you would need to sign in on then apple’s password manager is a a good bet. Plus no major breaches so yea
"Apple is taking away any excuse to not use a password manager." I highly disagree with this. The majority of senior citizens do not know how to use most software on computers, tablets or phones. My parents (and most of my other family members parents and friend parents and other people I know's parents) don't even know how to use an Excel spreadsheet, or a money management application, let alone a password manager. It's not really their own fault. It's the fault os UI designers that only design software based on other software that is already out there. And, the majority of software is confusing and complicated and has small text and small buttons and on touch devices, requires to you do things with your fingers that many seniors can't do because of arthritis, etc. Anyway, there are A LOT of reasons that senior citizens can't use a password manager and all of those reasons have to do with complexity or even understanding how to create a user name and password for specific websites in the first place.
Josh, you inspired me to create my own business based on cybersecurity as I am very interested in your content. I want to say thank you for this channel because I now found what my interest is in 🙂
Apple's new password app does NOT make the need for cross-platform compatibility go away, and it does not help anyone not in the Apple ecosystem. Companies like Bitwarden and 1Password and Proton Pass are not going to be sherlocked by this.
@@AllThingsSecured I have a random question - what do you think about Ente Auth? Do you think it has potential? I want to have a cross-platform dedicated secure authenticator w/ native non-big-tech-cloud and non-self-hosted syncing in case Twilo goes off the walls and destroys Authy.
@@DamariobrosI just started using Ente after trying 2FAS add MS Authenticator and I prefer Ente, it’s got a few more features and unlike 2FAS it’s been audited.
Is this more or less just an enhanced, more user-accessible version of Keychain? I’m already using Keychain for many (not all) passwords, so this seems like a natural evolution - which I guess is Apple’s strategy. Thanks for the video!
I thought I’d mention that (1) the keychain has had an interface for quite a long time, and (2) Apple’s Notes can encrypted and store things like your passport and other information.
Just to clarify, with Stolen Device Protection enabled, you NEED Face ID to get in, you can “trick” it a bit and have the passcode option pop up, but after inputting you passcode, it’ll still ask you for Face ID again. 😄
It would seem a given that we could hide the Apple password app in the new ‘hidden folder’ feature. But no, it’s not possible? Out of all my apps this is the first one I’d like to hide - the reason being obvious.
I have switched from 1password to using the built-in tools inside macOS. I use the passwords feature, that’s accessible by the settings app, and this new password app, and then I store everything else that you are mentioning in secure notes in the notes app.
So, twilo has had breaches and has had quite a few problems in the past from what I understand. As someone who has all their 2fa with authy, wouldn’t apple’s solution benefit me is a very real way?
I moved to it and I love it. I’ve used Apple for well over 20 years and pretty much everything I do revolves around Mac and iPhone and iPad, both personally, and professionally, and as someone with a disability? 3/4 of mobile screen reader users use iPhone last I checked. :-)
After years as a Windows IT manager, I am now all-in on Apple, but won't be adopting this anytime soon. I know the keychain has been compromised in the past by malware. May reconsider in the future if Apple implements better security for the keychain.
That’s only valid for MacOS though, which in general has great protection from malware in the first place. I’m not saying this is totally fool proof or will never happen, but malware on iPhone and iPad is pretty much non existent anyways
Apple’s security is pretty high in my opinion, especially if you just use Apple devices. As the way they have the ecosystem set up, it’s pretty much locked down from being breached. Just need to be cautious of receiving and accepting malicious and suspicious files, as most rats anyways nowadays are added by human reverse engineering into getting it downloaded and activated.
I am surprised you are not mentioning the obvious advantage that the Apple pw manager is free while most other options not only come as a one off cost but as a subscription - which is the most annoying lock-in. I agree that the ability to store and protect PII data and other assets would be good.
Thanks for the video. What I would like to know is, if you rely on a specific app to generate a username and/or password for you and most people might have upwards of about 75+ of them, do people right them all down as a back up? What happens if your password manager app/ company goes down for a few hours or a day, has a breach, goes out of business etc.... how do recover all that info? Do they have a way were you can print all of that info just in case or as a back up?
Some password managers let you export all your passwords to a file (I don’t think the Apple Passwords app does this). But obviously having all your passwords in a file is more risky than writing them down - if in a file, that means anyone who can get into your computer can get the file. Password managers usually keep a local encrypted copy of all your passwords, so it doesn’t matter if they go offline. What I did for a while was keep all my passwords both in Apple Keychain (now the Passwords app) as well as a third party password manager. But I’ve since realized that redundancy is not really needed, since every site lets you recover your password if you have access to your email or phone. Some sites do require two factor authentication (2FA), for those you need to have saved the backup codes they give you when you enable 2FA.
Yes, I've just purchased my first iphone ever on Friday and I started using the password app today and I'm really enjoying both my iphone 16 pro and the password app. Good job Apple 🍎
I am quite pleased that Apple have done this. I moved to Apple because of their security benefits. Who on earth would anyone open their phone with anyone looking over their shoulder.
I’m excited for this. Not only is apple making their own native password manager but ITS FREE lol. Most people aren’t even going to use their password manager for any other reason other than to hold like their Facebook, chick fil a, or Starbucks login. So, apple is once again giving you what you need and leaving out the rest. It does suck that you basically have to be all in on iOS BUT, most people who are excited about this feature most likely have everything by Apple anyways lol.
I'm a 1password user and I was convinced I would move it all to Apple's new Password app... until I saw your video. Thank you and I agree, I will stay with 1password
Yeah having a password manager that only works on ios doesn't do anything for me. I use a third party manager because I multiple different devices and a third party manager is device agnostic.
I think another point to consider is that passkeys will slowly gain traction and it will become more and more common she’ll be able to login by scanning a QR code with your iPhone, which then lock you in from the past key stored on the iPhone. This will make it less and important where are you stole your pass keys. Also, I hear a lot of talk about being locked into the Apple ecosystem if you choose the iCloud keychain / Passwords app now. If you have a Mac, it is absolutely possible to export all your passwords and 2FA codes an import to another password manager, and there is no “lock-in”. For passkeys it’s a different story, but the FIDO Alliance seems to be slowly working towards exploring and importing of pasties sometime in the future so lock-in of passkeys is most likely temporary. But of course, worth considering nonetheless.
I love when people whine about "locking yourself into the Apple ecosystem." It's always some young buck who has an authority issue or an anti-"The Man" attitude. After using it for 20 years now, there is nothing better.
I pretty much agree with everything in this video. the apple only part of this is a downside, but having it using your apple creds and not some password manger only creds/keys is a huge nono. also, haing all your eggs in one basket is sometimes bad.
Why is nobody talking about how well iOS integrates password management vs Android? The fact it just works in pretty much all major browsers, 3rd party apps and Apple apps is amazing. Is there a way to get Android to be as integrated for password autofill like iOS?
I currently use 1Password, but I'm trying out the passwords app now to see if it fits my needs. Am I missing something, or is there no way to generate a password for an existing login? It only seems to generate one if I'm adding an entirely new login, but I can't seem to generate a password if, for example, I want to change my password on a site.
To generate a new one for an existing login in you would need to hit edit then delete the old one. It’ll then show a prompt above the keyboard with a strong password suggestion. This is on the iPhone though, I haven’t tried it on Mac
On my iOS 18 public beta, I can only open Apple Passwords with Face ID. No option to use a code. A different code would be appreciated though, in case of face injury I guess.
Currently in iOS 17, Passwords located in Settings can not be opened by the device Pin (any longer). I don’t recall which update that was and changed that (needed) security setting. Is that not the case going forward with the new Passwords app?
Surely even your 3rd party PW App isn’t (as you imply) wholly independent as it sits on the iOS OS anyways so if there is any breach its as likely to be that than any other features of a 3rd party App that sits on top. This is the case for any App it’s only as strong or secure as whats underneath.
If you ever come into contact with police, just hold the necessary button to power off, it forces the phone to require your password on the next unlock. People are quick enough to get their phone out and start recording at the mere sight of a cop, it’s even quicker and easier to lock your phone up.
My first experience with the new Passwords app involved signing up to a new app account. I allowed the Apple security system to suggest a secure password. When I went to sign onto the app, the password was not available, and was not present in the password app. A real fail.
If I don’t use the iPhone password app I can no longer autofill any of my passwords. Normally they’re saved in safari settings or something. So now if I delete the new password app you no longer have saved passwords to autofill. That’s ridiculous. I don’t want a password app that says look at me as an app.
@@Wesley-Houlas I'm not understanding your issue here. If you don't want to use the app, then don't. Just remove it from your home screen. You don't have to delete it. Autofill will still be enabled. That way if you by chance need it later, you can access it from your App Library. It's better to have it and not need it than need it and not have it.
Is there no option to write any notes for any of the login accounts eg: signed up on X date, bought Y, app key details, subscription ends on this date, cancelled because of reasons?
Being dependent on Apple for everything sounds expensive. I’ve learned my lesson from so many other apps that lured me in with some feature then I’m struggling to get out of that ecosystem. I’d rather go open source where I have full control of my data and I’m not on a platform that can get as expensive as Apple. Plus I like having full control of my data and not getting dependent on Apple to make things “easy “ for me.
Well for starters, you shouldn't be entering your passcode in plain view of anyone else. You should rely only on Face ID when in public. But to answer your question: yes they would need your phone itself to actually do anything if they know your passcode.
It is all subjective. It is your opinion. For me, it is about time Apple provided an app so you do not have to dig into Safari settings on a Mac, iPhone, tablet, or MacBook. One stop, shop all is my motto.
I strongly agree that putting all your eggs in one basket is not the greatest of ideas. With the recent global issue of computers getting the blue screen of death should at least hint that having options or your things spread out is beneficial.
Hey, thanks for a great video, certainly some very thought-provoking security info. I accidentally stumbled on a new setting, if you long press on the Passwords app, there’s an option to select require Face ID (seems like you can do this with many apps)… This prevents you from being able to type in a manual password and forces you to verify with Face ID… Could you look into this and repost a new video With additional considerations given the pin loophole seems to have a fix?
that's not a fix at all. If it doesn't recognize your face, it will always default to your device password. No matter which app or function, it's just how FaceID is designed. The only exception is stolen device protection.
@@PvtAnonymous realized that as well, if you cause it to cancel out it defaults back to the key which is annoying. They will need to fix this loophole if they want a secure product. Either way I’m a 1Pw convert now since Apple doesn’t have a truly secure product
@@bobekdj same here. I use a self-hosted Bitwarden instance and don't have to deal with the normie-shenanigans anymore. Just the feature set of Bitwarden already trumps Apple's Passwords app.
Great video. It makes perfect sense not to have everything in one place. It's strange that Apple didn't thing of documents, passport info and other things when they made this app. Maybe they're not as professional as they thought they were.
It’s a good free alternative for those that have apple and eventually windows, which I imagine will remain as it is; an extension. Obviously better options out there, but for free - what’s not to like
I think you did some copy-pasta on the description because there are chapter markers that make no sense for this video... That aside, I completely agree with having your password manager separate from the OS and the 2FA utility separate from the password manager.
for me i prefer the comfort of not having a thousand different security apps and as far as I know, Apple does a great job at being secure. I would recommend not using a six digit numbers only unlock password, since this is pretty easy to spy over the shoulder as you told.
Problem I’ve seen is when apple cancels your iCloud account and locks you out of everything. I am now syncing my photos / notes / docs to other services just in case. Will do the same with passwords (using google chrome currently)
This is a good idea for my boomer parents who don’t want to download a bunch of apps, but I’m trying to get them to use something better than a web browser or physical notebook for their logins. For myself, I’ll stick to proton pass.
Using the same pin as my phone is a deal breaker for me. It’s funny I can create a Note with all my passwords in iOS and protect it with a custom password, and that would be more secure than this Passwords app. 😅
if they do get to all my passwords they still need to figure out what the 5stars is about: a code not stored anywhere else (buying me some time) All the most important passwords start with ‘*****password’ And recently decided to not let them know the passwords need an extra code to work. Also had to change some passwords in safari too but did not allowed ios to update the passwords
Well. I bought 1pass based on your recommendation. But your tutorial has you set it up on a computer. That’s not going to happen anytime soon. The app is very frustrating. So. How about a tutorial on setting it up on your iPhone please? 🙏🏻 ❤
I still have iOS 17.5.1 (like most) and I use the "passwords" feature inherent in the 'settings' area. Is this a secure way to store passwords or is third party apps still the way to go?
I will stick to proton pass too cus of cross platform issues. I have a mac, iPhone, and a Windows laptop as well. And I prefer to use firefox on windows. So no go for me.
Why doesn’t Apple do our passcodes like some ATMs. Everything you enter the passcode, the numbers on the keypad change. If someone notices a pattern, it won’t work for them.
You are not everyone. Anything that improves the experience and sets the stage for further improvements is welcome. Hopefully, some day it will put all security bloggers and researchers out of a job! ( Nothing personal, it's just that the industry is built on bad tools and worse fools ( users ). This will help the latter and will get better. )
@@AllThingsSecured I guess at the end of the day credit card info doesn't have anything to do with "Passwords", so you have to really stop for a second and think about that one.
Will you be using the new Passwords app from Apple when it comes out? Why or why not? And be sure to check out my video comparing the best third-party password manager options: th-cam.com/video/BsVkVa0n0T0/w-d-xo.html
Nah, I've been using 1Password for years. I've been happy with them. One app is enough.
I’m not gonna be utilizing it when it comes out with IOS18 because I use devices that run on different operating systems
Nope. It suffers the same issue as iOS has - using login passcode to access. I am also a multi-OS person. Apple only is automatically a “No” for me. Using Proton Pass which offers me additional options.
I'm using 1Password and am very happy with it.
I already use bitwarden so i'll stick with that. My wife however is a creature of convenience and cannot stand how locked down my bitwarden is. When the update comes through i'll likely migrate her to passwords.
You can say what you want about Apples Password manager, but the fact that it unlike many other popular third party ones has never suffered a data breach is incredible.
Most password managers haven’t either. I assume you’re thinking of the one LastPass case?
Doesn't mean it can't happen. Best practices is to write them down on paper and secure it in a fireproof safe... People need to stop depending on password manager apps as it's a target for hackers. iPhones have been jailbroken remotely (pegasus as an example) so it's not impossible.
@@NEVIXIA I totally agree, but if you’ve gotten infected with Pegasus, you’d have bigger problems at that point…
@@AllThingsSecured yup, last pass and, even though it isn’t a password manager, authy, which leaked millions of users phone numbers
It’s utterly useless for those of us who refuse to get locked into Apples walled garden.
I think Apple Passwords is the best choice for anyone in the Apple ecosystem. I’ve never felt the need to store my passports or IDs in a password app since they can be securely kept in the Notes app with a custom password. Concerns about hypothetical security issues seem like self-justifications for sticking with a third-party app. I understand that using cross-platform devices or not wanting to depend on one company are good reasons for opting for a third-party password manager tho.
I'll be moving to it. I won't have to pay 1password anymore and with all things Apple, it will work great and be well integrated into the phone.
Sounds good!
Except on Android devices!!!
Why do you pay 1password now? Why don't you use keychain?
😂😂😂 me too
@@daraghmacgabhann1005 Why use an Android ? Just kidding .
Notes on iOS can store Passport info etc and be locked behind Face ID. The app doesn't need to do that like other managers do.
Yea, I’m wondering if that’s maybe why Apple didn’t include it for Passwords.
Exactly, I don’t know why he didn’t mention that when he made such a big deal about not storing credit cards or passport info on the Passwords app. The only thing that I totally agree with is the cross platform issue. I Deal with that daily but the solution I have is when I’m sitting at my PC my phone is typically on the desk and I just open up the phone to the Passwords app and type it into the needed information on my PC. I promise, it’s not difficult.
If you enable stolen device protection, Face ID would be the only way to access the Passwords app. You would not be able to use the passcode
Correct, and iOS 18 also allows you to force FaceID. But I would prefer to have control over the passcode/master password.
You could double lock the app with Face ID
Turning on Stolen Device Protection means that, if Face ID verification fails, it will NOT allow the Passcode as a fallback option, it will only accept Face ID. This works with the Passwords app but also everywhere that asks for Face ID
Why are you talking like this would be new? The Apple Password Manager existed for a long time it was just inside the settings app and not a separate app. The only new function that this app has is the ability to generate wifi QR-Codes. So there wont be any Apple Users switching over to the new app since they are already using it just with a slightly different interface.
Question, does Apple Password only work with Safari browser or does it also work with other web browsers such as Google Chrome etc?
It has an extension that works with Chrome :)
Tip - store whatever info you need in Apple Notes and lock it in addition enable Face ID for Notes.
Agree. You can also do that in Files App.
I’ve been using Keychain for years now, and been really going crazy with security and privacy stuff this last year and even managed to enable 2FA via authenticator on any accounts that allow it, and made super strong passwords as well. Been running the beta of iOS 18 for a while now and the new Passwords app is awesome! Think Apple really just killed 1Password and a lot of others with this one haha.
I saw the reasons you put and they are 100% understandable, and although I consider that I am like you, in that I do not like to depend on a single company sometimes, or that I like to have extra security in certain internal apps beyond the code, in this case because I have several Apple devices I feel it is the only exception I am willing to make, as I want to have the benefits of having a code authenticator and my password manager in the same place, since I find it very complex, time consuming and even unsafe to have to re-install the apps I have every time I change devices or format, and it is extremely satisfying that once I log into a new Apple device, I have all my passwords at hand in a secure, private, easily accessible way but only if I put my face to unlock it.
I also like this kind of easier and quicker way to access my credentials because on a few past occasions I have been on the verge of losing my passwords both authenticator and regular passwords due to backups, expired subscriptions, etc and it sucks that feeling, but I totally understand that it doesn't work so well for someone who is not into the Apple ecosystem completely.
Exactly. As long as you understand that it works beat if you only use Apple devices, it's great.
I’ve been using the existing Keychain app and the extensions for Edge and Chrome work quite well, even allowing for newer features of the Keychain app, like shared passwords.
The iCloud for windows app is actually quite handy if you’re stuck using a Windows PC and need access to your otherwise Apple ecosystem.
Nice 👍
I am a dedicated apple user but I agree with this video. I like bitwarden.
really same thing i was thinking..one login password foe the password app is far too dangerous❤
it’s free…works really well…good enough for me👍 nice to save 65 bucks a year for 1password…thanks Apple🤗
Exactly my thought.
It's just an upgraded version of iCloud Keychain to make it more user friendly. Why haven't you used iCloud Keychain tho cuz it's free and working exactly the same way lol...
65 a year is crazy 40 for 2 years + 3 months is what i went by. Nordpass
If you in apples ecosystem fully and have no android devices that you would need to sign in on then apple’s password manager is a a good bet. Plus no major breaches so yea
"Apple is taking away any excuse to not use a password manager." I highly disagree with this. The majority of senior citizens do not know how to use most software on computers, tablets or phones. My parents (and most of my other family members parents and friend parents and other people I know's parents) don't even know how to use an Excel spreadsheet, or a money management application, let alone a password manager. It's not really their own fault. It's the fault os UI designers that only design software based on other software that is already out there. And, the majority of software is confusing and complicated and has small text and small buttons and on touch devices, requires to you do things with your fingers that many seniors can't do because of arthritis, etc. Anyway, there are A LOT of reasons that senior citizens can't use a password manager and all of those reasons have to do with complexity or even understanding how to create a user name and password for specific websites in the first place.
Not just senior citizens! Great comments.
Josh, you inspired me to create my own business based on cybersecurity as I am very interested in your content. I want to say thank you for this channel because I now found what my interest is in 🙂
Apple's new password app does NOT make the need for cross-platform compatibility go away, and it does not help anyone not in the Apple ecosystem. Companies like Bitwarden and 1Password and Proton Pass are not going to be sherlocked by this.
I agree.
@@AllThingsSecured I have a random question - what do you think about Ente Auth? Do you think it has potential? I want to have a cross-platform dedicated secure authenticator w/ native non-big-tech-cloud and non-self-hosted syncing in case Twilo goes off the walls and destroys Authy.
@@DamariobrosI just started using Ente after trying 2FAS add MS Authenticator and I prefer Ente, it’s got a few more features and unlike 2FAS it’s been audited.
Is this more or less just an enhanced, more user-accessible version of Keychain? I’m already using Keychain for many (not all) passwords, so this seems like a natural evolution - which I guess is Apple’s strategy. Thanks for the video!
Yes, it is! And it will automatically be transitioned over when you upgrade.
I thought I’d mention that (1) the keychain has had an interface for quite a long time, and (2) Apple’s Notes can encrypted and store things like your passport and other information.
Just to clarify, with Stolen Device Protection enabled, you NEED Face ID to get in, you can “trick” it a bit and have the passcode option pop up, but after inputting you passcode, it’ll still ask you for Face ID again. 😄
You can set up a separate password for any app on IOS 18
No. But you can set up Face ID for any app, and also hide any app.
It would seem a given that we could hide the Apple password app in the new ‘hidden folder’ feature. But no, it’s not possible? Out of all my apps this is the first one I’d like to hide - the reason being obvious.
I have switched from 1password to using the built-in tools inside macOS. I use the passwords feature, that’s accessible by the settings app, and this new password app, and then I store everything else that you are mentioning in secure notes in the notes app.
I do the all the same exact things, EXCEPT i use a separate app (Ente) for 2FA codes.
So, twilo has had breaches and has had quite a few problems in the past from what I understand. As someone who has all their 2fa with authy, wouldn’t apple’s solution benefit me is a very real way?
I moved to it and I love it. I’ve used Apple for well over 20 years and pretty much everything I do revolves around Mac and iPhone and iPad, both personally, and professionally, and as someone with a disability? 3/4 of mobile screen reader users use iPhone last I checked. :-)
After years as a Windows IT manager, I am now all-in on Apple, but won't be adopting this anytime soon. I know the keychain has been compromised in the past by malware. May reconsider in the future if Apple implements better security for the keychain.
Which malware are you referring to?
That’s only valid for MacOS though, which in general has great protection from malware in the first place. I’m not saying this is totally fool proof or will never happen, but malware on iPhone and iPad is pretty much non existent anyways
Apple’s security is pretty high in my opinion, especially if you just use Apple devices. As the way they have the ecosystem set up, it’s pretty much locked down from being breached. Just need to be cautious of receiving and accepting malicious and suspicious files, as most rats anyways nowadays are added by human reverse engineering into getting it downloaded and activated.
I am surprised you are not mentioning the obvious advantage that the Apple pw manager is free while most other options not only come as a one off cost but as a subscription - which is the most annoying lock-in. I agree that the ability to store and protect PII data and other assets would be good.
Thanks for the video. What I would like to know is, if you rely on a specific app to generate a username and/or password for you and most people might have upwards of about 75+ of them, do people right them all down as a back up? What happens if your password manager app/ company goes down for a few hours or a day, has a breach, goes out of business etc.... how do recover all that info? Do they have a way were you can print all of that info just in case or as a back up?
Some password managers let you export all your passwords to a file (I don’t think the Apple Passwords app does this). But obviously having all your passwords in a file is more risky than writing them down - if in a file, that means anyone who can get into your computer can get the file. Password managers usually keep a local encrypted copy of all your passwords, so it doesn’t matter if they go offline. What I did for a while was keep all my passwords both in Apple Keychain (now the Passwords app) as well as a third party password manager. But I’ve since realized that redundancy is not really needed, since every site lets you recover your password if you have access to your email or phone. Some sites do require two factor authentication (2FA), for those you need to have saved the backup codes they give you when you enable 2FA.
what is up with the titles of the timestamps? 😅
Looks like the added the wrong ones
My bad.
Yeah they not really making any sense
@@AllThingsSecured…
Yes, I've just purchased my first iphone ever on Friday and I started using the password app today and I'm really enjoying both my iphone 16 pro and the password app.
Good job Apple 🍎
Access to your passwords by face ID is going to make law enforcement delighted!
Nice to see someone that flies the same airline as me AirAsia. Good app by the way.
I am quite pleased that Apple have done this. I moved to Apple because of their security benefits. Who on earth would anyone open their phone with anyone looking over their shoulder.
Awesome video. New subscriber.
Great Video!
I’m excited for this. Not only is apple making their own native password manager but ITS FREE lol. Most people aren’t even going to use their password manager for any other reason other than to hold like their Facebook, chick fil a, or Starbucks login. So, apple is once again giving you what you need and leaving out the rest. It does suck that you basically have to be all in on iOS BUT, most people who are excited about this feature most likely have everything by Apple anyways lol.
It works well for those who love Apple, I agree.
It's free on paper, but not really. It is gate kept; you must have an apple device.
Nothing is ever free, you will be paying with your metadata
People who have expertise in data security will look at Apple Password in a different way than the rest of us will.
I'm a 1password user and I was convinced I would move it all to Apple's new Password app... until I saw your video. Thank you and I agree, I will stay with 1password
You are welcome!
Glad you have the money.
How is the Sticky Password? Is it reliable? I have a lifetime plan of it.
Yeah having a password manager that only works on ios doesn't do anything for me. I use a third party manager because I multiple different devices and a third party manager is device agnostic.
What will be new in the iOS updates for those who do not have iPhone 15 or 16??
I think another point to consider is that passkeys will slowly gain traction and it will become more and more common she’ll be able to login by scanning a QR code with your iPhone, which then lock you in from the past key stored on the iPhone. This will make it less and important where are you stole your pass keys.
Also, I hear a lot of talk about being locked into the Apple ecosystem if you choose the iCloud keychain / Passwords app now. If you have a Mac, it is absolutely possible to export all your passwords and 2FA codes an import to another password manager, and there is no “lock-in”. For passkeys it’s a different story, but the FIDO Alliance seems to be slowly working towards exploring and importing of pasties sometime in the future so lock-in of passkeys is most likely temporary. But of course, worth considering nonetheless.
Correct. For now, passkeys can’t be transferred.
All Things Secured, My guy, your channel is amazing. Let's collab!
I love when people whine about "locking yourself into the Apple ecosystem." It's always some young buck who has an authority issue or an anti-"The Man" attitude. After using it for 20 years now, there is nothing better.
Long time Apple user. I find it fantastic and free!
I pretty much agree with everything in this video. the apple only part of this is a downside, but having it using your apple creds and not some password manger only creds/keys is a huge nono.
also, haing all your eggs in one basket is sometimes bad.
Yea, separating my security is a priority for me.
Why is nobody talking about how well iOS integrates password management vs Android? The fact it just works in pretty much all major browsers, 3rd party apps and Apple apps is amazing. Is there a way to get Android to be as integrated for password autofill like iOS?
You can lock files in Files app, with password. Why would you need 2 apps to do the same thing?
I currently use 1Password, but I'm trying out the passwords app now to see if it fits my needs. Am I missing something, or is there no way to generate a password for an existing login? It only seems to generate one if I'm adding an entirely new login, but I can't seem to generate a password if, for example, I want to change my password on a site.
I am finding this with 1password. Did you figure out a work around?
Hmm…I’ve never tried that, but that would be a pretty bad missing feature!
To generate a new one for an existing login in you would need to hit edit then delete the old one. It’ll then show a prompt above the keyboard with a strong password suggestion. This is on the iPhone though, I haven’t tried it on Mac
On my iOS 18 public beta, I can only open Apple Passwords with Face ID. No option to use a code. A different code would be appreciated though, in case of face injury I guess.
Agreed.
The lack of a master password, that can be much stronger than the user account login is terrible.
Currently in iOS 17, Passwords located in Settings can not be opened by the device Pin (any longer). I don’t recall which update that was and changed that (needed) security setting. Is that not the case going forward with the new Passwords app?
No it should be the same
You can put in all sorts of text data under a name of some sorts - so all the passport data , CC data, etc.
Surely even your 3rd party PW App isn’t (as you imply) wholly independent as it sits on the iOS OS anyways so if there is any breach its as likely to be that than any other features of a 3rd party App that sits on top. This is the case for any App it’s only as strong or secure as whats underneath.
Face ID can be unlocked without your consent? Like police or someone forcing you physically
Just Close your Eyes then
@@bcharl😂😂😂
Thats why it would be better to have independent unlock codes.
If you ever come into contact with police, just hold the necessary button to power off, it forces the phone to require your password on the next unlock. People are quick enough to get their phone out and start recording at the mere sight of a cop, it’s even quicker and easier to lock your phone up.
Why is it not updating the passwords on the app when I change it? So frustrating!
My first experience with the new Passwords app involved signing up to a new app account. I allowed the Apple security system to suggest a secure password. When I went to sign onto the app, the password was not available, and was not present in the password app. A real fail.
What are you going to use? Are you using a third party?
Problem exists between phone and chair
If I don’t use the iPhone password app I can no longer autofill any of my passwords. Normally they’re saved in safari settings or something. So now if I delete the new password app you no longer have saved passwords to autofill. That’s ridiculous. I don’t want a password app that says look at me as an app.
@@ThePorshaEdmun yea but u can’t delete the password app. If u do you can no longer use autofill on websites
@@Wesley-Houlas I'm not understanding your issue here. If you don't want to use the app, then don't. Just remove it from your home screen. You don't have to delete it. Autofill will still be enabled. That way if you by chance need it later, you can access it from your App Library. It's better to have it and not need it than need it and not have it.
The icloud keychain on windows is working at acceptable rate. Although not seamless.
The only downside is that it’s really vendor locking.
Is there no option to write any notes for any of the login accounts eg: signed up on X date, bought Y, app key details, subscription ends on this date, cancelled because of reasons?
There is a section to save notes on a new login. I think that addresses your need?
Being dependent on Apple for everything sounds expensive. I’ve learned my lesson from so many other apps that lured me in with some feature then I’m struggling to get out of that ecosystem.
I’d rather go open source where I have full control of my data and I’m not on a platform that can get as expensive as Apple.
Plus I like having full control of my data and not getting dependent on Apple to make things “easy “ for me.
Good for you, although going away from Apple doesn’t have to be open source.
Open Source Code does NOT necessarily mean that it is audited and that all vulnerabilities are discovered and remediated in a timely manner.
I feel that there just cleaning up the settings app the passwords app was pretty much around for years
Could someone looking over your shoulder and seeing your phone passcode get into everything? Won't they need your phone as well?
Well for starters, you shouldn't be entering your passcode in plain view of anyone else. You should rely only on Face ID when in public. But to answer your question: yes they would need your phone itself to actually do anything if they know your passcode.
It is all subjective. It is your opinion. For me, it is about time Apple provided an app so you do not have to dig into Safari settings on a Mac, iPhone, tablet, or MacBook. One stop, shop all is my motto.
I strongly agree that putting all your eggs in one basket is not the greatest of ideas. With the recent global issue of computers getting the blue screen of death should at least hint that having options or your things spread out is beneficial.
Definitely. What a mess.
Great video, sound advice.
Thanks! 🙏
Hey, thanks for a great video, certainly some very thought-provoking security info.
I accidentally stumbled on a new setting, if you long press on the Passwords app, there’s an option to select require Face ID (seems like you can do this with many apps)… This prevents you from being able to type in a manual password and forces you to verify with Face ID… Could you look into this and repost a new video With additional considerations given the pin loophole seems to have a fix?
Thanks for the tip!
that's not a fix at all. If it doesn't recognize your face, it will always default to your device password. No matter which app or function, it's just how FaceID is designed. The only exception is stolen device protection.
@@PvtAnonymous realized that as well, if you cause it to cancel out it defaults back to the key which is annoying. They will need to fix this loophole if they want a secure product. Either way I’m a 1Pw convert now since Apple doesn’t have a truly secure product
@@bobekdj same here. I use a self-hosted Bitwarden instance and don't have to deal with the normie-shenanigans anymore. Just the feature set of Bitwarden already trumps Apple's Passwords app.
I didn’t like that i cannot disable passcode and use only face id or touch id. That is why i do not what to use it yet.
If you use one password one company has all your information
Great video. It makes perfect sense not to have everything in one place. It's strange that Apple didn't thing of documents, passport info and other things when they made this app. Maybe they're not as professional as they thought they were.
I’m sure they’ll add it later.
It’s a good free alternative for those that have apple and eventually windows, which I imagine will remain as it is; an extension.
Obviously better options out there, but for free - what’s not to like
Agreed. A slick app for sure.
I think you did some copy-pasta on the description because there are chapter markers that make no sense for this video...
That aside, I completely agree with having your password manager separate from the OS and the 2FA utility separate from the password manager.
Thanks! It’s been fixed.
for me i prefer the comfort of not having a thousand different security apps and as far as I know, Apple does a great job at being secure. I would recommend not using a six digit numbers only unlock password, since this is pretty easy to spy over the shoulder as you told.
Problem I’ve seen is when apple cancels your iCloud account and locks you out of everything. I am now syncing my photos / notes / docs to other services just in case. Will do the same with passwords (using google chrome currently)
This is a good idea for my boomer parents who don’t want to download a bunch of apps, but I’m trying to get them to use something better than a web browser or physical notebook for their logins. For myself, I’ll stick to proton pass.
Exactly 👍🏻
I will not use apples PW manager. I use too many OS’s and already trust the one I use.
Makes sense.
Using the same pin as my phone is a deal breaker for me.
It’s funny I can create a Note with all my passwords in iOS and protect it with a custom password, and that would be more secure than this Passwords app. 😅
if they do get to all my passwords they still need to figure out what the 5stars is about: a code not stored anywhere else (buying me some time) All the most important passwords start with ‘*****password’
And recently decided to not let them know the passwords need an extra code to work.
Also had to change some passwords in safari too but did not allowed ios to update the passwords
For OPSEC reasons, I will not put all my Apples in one basket 😉
having 2FAs and password/passkeys on the same app/company I think is a bad idea
You mentioned there is a chrome extension for the password app?
I believe so, although I haven’t tested it personally.
Wasn’t One Password massively compromised not so long ago?
I think you may be thinking of Last Pass??
No, it wasn’t. Perhaps you’re thinking of LastPass?
Well. I bought 1pass based on your recommendation. But your tutorial has you set it up on a computer. That’s not going to happen anytime soon. The app is very frustrating. So. How about a tutorial on setting it up on your iPhone please? 🙏🏻 ❤
Hmm…good suggestion! Thanks. I’ll see what I can do.
I still have iOS 17.5.1 (like most) and I use the "passwords" feature inherent in the 'settings' area.
Is this a secure way to store passwords or is third party apps still the way to go?
I would say yes.
It’s better than nothing and if it works don’t fix it. That said, I prefer 3rd party apps.
Good grief, as if oversized microphones on TH-cam weren’t bad enough, now we have one moving around to be even more distracting.
I will stick to proton pass too cus of cross platform issues. I have a mac, iPhone, and a Windows laptop as well. And I prefer to use firefox on windows. So no go for me.
I want to separate my stuff. Dont put all your eggs on one basket.😮
That’s exactly right.
keepass will stay on top for me
Why doesn’t Apple do our passcodes like some ATMs. Everything you enter the passcode, the numbers on the keypad change. If someone notices a pattern, it won’t work for them.
Using numeric passcodes is a mistake, regardless oof entry method.
But my Bitwarden runs so janky on my iOS devices and i’m getting really tired of it.
I have never had any issues, been using it for a year now.
That sucks.
Does the passwords app have import and export features?
It has import for sure. I haven’t looked for export but I assume it would be there.
You are not everyone. Anything that improves the experience and sets the stage for further improvements is welcome. Hopefully, some day it will put all security bloggers and researchers out of a job! ( Nothing personal, it's just that the industry is built on bad tools and worse fools ( users ). This will help the latter and will get better. )
Credit card information is already available for storage under Safari auto fill. Not necessary for it to be in passwords app.
That’s not helpful, though. Just like WiFi passwords, it should be combined so that it can be used across different apps (like Brave, for example).
@@AllThingsSecured I guess at the end of the day credit card info doesn't have anything to do with "Passwords", so you have to really stop for a second and think about that one.
If this app is not cross platform it's not putting anybody out of business.
There is a Chrome extension and it works on the Windows iCloud app
Only if there is android app for keychain
I’ve used keeper security without issue for years. I don’t want everything in one basket.
Same
Can it generate new alphanumeric passwords like any Password Manager App?
Yes, it can
It only create pass phrases and same symbol (hyphen) every time, sometimes phrase doesn’t include numbers also
I have already something better but it is good for others.
Exactly.
Of course Apple isn't going to put these apps out of business. There are plenty of people who don't use Apple products and have no intention to.
I agree.